Personal note - possible new project

I have often bounced ideas off you, and this is another one of those moments where I can use your input. I'm thinking of building an issue tracker that's made specifically to track and triage security issues. Think Jira, but much more focused. It would:

  • Pull in the list of issues/CVEs from your vulnerability scanners.
  • Provide data about each CVE to help the triaging process, like descriptions and CVSS scores, but also whether your OS has fixed it, any blog posts with more details on the issue, things like that.
  • Allow you to manage whitelisting in the tracker itself so it's not scanner dependent.
  • Generate documentation on each CVE: its information, assets affected, actions taken, for compliance and internal record keeping.

Have you ever been in a spot where this would have made your life better?
If so, I’d be very grateful for a reply with any thoughts you have. I only have my own perspective right now, and I could really use others.

Dieter Van der Stock

Breaches and leaks

  • Millions of Lion Air passenger records exposed and exchanged on forums: link.
  • Medical images and details of 24.3 million patients left exposed on the Internet: link.
  • Data of 24.3 million Lumin PDF users shared on hacking forum: link.
